R3166-R3206-HP High-End Firewalls VPN Command Reference-6PW101
Description
Use the mandatory-chap command to force the LNS to perform a CHAP authentication of the user.
Use the undo mandatory-chap command to disable CHAP authentication on the LNS.
By default, an LNS does not perform CHAP authentication of users.
For higher security, an LNS can authenticate the client in addition to the proxy authentication that
occurs at the LAC. If the mandatory-chap command is used, clients connected to the VPN through a
NAS-initialized tunnel are authenticated twice: once on the NAS side and once on the LNS side. Some
PPP clients may not support the second authentication. In this case, the LNS-side CHAP authentication
fails.
Related commands: mandatory-lcp.
Examples
# Force the LNS to perform CHAP authentication of users.
<Sysname> system-view
[Sysname] l2tp-group 1
[Sysname-l2tp1] mandatory-chap
mandatory-lcp
Syntax
mandatory-lcp
undo mandatory-lcp
View
L2TP group view
Default level
2: System level
Parameters
None
Description
Use the mandatory-lcp command to force an LNS to perform LCP negotiation with users.
Use the undo mandatory-lcp command to disable the LCP negotiation.
By default, an LNS does not perform LCP negotiation with users.
When starting a PPP session, a client of a NAS-initialized VPN first negotiates LCP parameters with the
network access server (NAS). If the negotiation succeeds, the NAS initializes a tunnel and then
transfers the negotiated results to the LNS. The LNS then verifies whether the client is valid based on
the proxy authentication information. You can use the mandatory-lcp command to force the LNS to
perform LCP re-negotiation with the client. In this case, the proxy authentication information of the
NAS is ignored. Some PPP clients may not support LCP re-negotiation. In this case, the LCP
re-negotiation fails.
Related commands: mandatory-chap.
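Added example (not from the HP reference): a Python check that reads saved configuration text and lists the L2TP groups in which neither mandatory-chap nor mandatory-lcp is set, that is, groups where the LNS relies only on the proxy authentication information passed by the NAS. The configuration layout (# separators, indented sub-commands), the sample text and the function names are assumptions.

```python
import re

# Constructed sample laid out like a saved configuration (assumed layout).
SAMPLE_CONFIG = """\
#
l2tp-group 1
 mandatory-chap
#
l2tp-group 2
 mandatory-chap
 mandatory-lcp
#
l2tp-group 3
#
l2tp-group 4
 mandatory-chap
 undo mandatory-chap
#
"""

GROUP_RE = re.compile(r"^l2tp-group\s+(\d+)\s*$")
TRACKED = ("mandatory-chap", "mandatory-lcp")


def audit_l2tp_groups(config_text):
    """Map each L2TP group number to the state of the two LNS-side commands.

    Both commands are disabled by default, so every group starts at False.
    """
    groups, current = {}, None
    for raw in config_text.splitlines():
        match = GROUP_RE.match(raw)
        if match:
            current = groups.setdefault(int(match.group(1)), dict.fromkeys(TRACKED, False))
        elif not raw[:1].isspace():
            current = None  # any other top-level line leaves the group view
        elif current is not None:
            line = raw.strip()
            undo = line.startswith("undo ")
            command = line[5:].strip() if undo else line
            if command in TRACKED:
                current[command] = not undo  # a later undo overrides an earlier set
    return groups


def proxy_auth_only(groups):
    """Groups where the LNS relies only on the NAS's proxy authentication."""
    return sorted(n for n, flags in groups.items() if not any(flags.values()))


if __name__ == "__main__":
    print("proxy authentication only:", proxy_auth_only(audit_l2tp_groups(SAMPLE_CONFIG)))
```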
Examples
# Force the LNS to perform LCP negotiation with users.